v1 release

data/.htaccess

@@ -0,0 +1,3 @@
+# .htaccess file in the 'data' directory
+Order Deny,Allow
+Deny from all

display.php

@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+
+<!--
+/*
+*   smzint/Files (c) schmamazon.com 2025
+*/
+-->
+
+<html lang="en">
+    <?php
+    /*
+     *   smzint/Files (c) schmamazon.com 2025
+     */
+
+
+    include('../Auth/db.ini.php');
+    $fileId = filter_var($_GET['file'], FILTER_SANITIZE_NUMBER_INT);
+
+    $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+    if ($conn->connect_error) {
+        die("Connection failed: " . $conn->connect_error);
+    }
+
+    $sql = "SELECT name, description, type FROM smz_files_data WHERE id='$fileId'";
+    $result = $conn->query($sql);
+    $conn->close();
+    if ($result->num_rows > 0) {
+        while ($row = $result->fetch_assoc()) {
+            $fileName = $row["name"];
+            $fileDesc = $row["description"];
+            $fileType = $row["type"];
+        }
+    } else {
+        echo "Datei nicht in der Datenbank gefunden.";
+    }
+    ?>
+
+    <head>
+        <meta charset="UTF-8">
+        <title>smzint/Files</title>
+    </head>
+    <body>
+        <?php
+        echo "<h1>$fileName<sup>$fileType</sup></h1><p>$fileDesc</p><br><form action='download.php' method='POST' target='_blank'><input type='hidden' name='file' value='$fileId'><input type='submit' value='Herunterladen'></form>";
+        ?>
+    </body>
+</html>

download.php

@@ -0,0 +1,45 @@
+<?php
+
+/*
+ *   smzint/Files (c) schmamazon.com 2025
+ */
+
+// download.php
+
+include('../Auth/db.ini.php');
+$fileId = filter_var($_POST['file'], FILTER_SANITIZE_NUMBER_INT);
+
+$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+}
+
+$sql = "SELECT * FROM smz_files_data WHERE id='$fileId'";
+$result = $conn->query($sql);
+$conn->close();
+if ($result->num_rows > 0) {
+    while ($row = $result->fetch_assoc()) {
+        $fileName = $row["name"];
+        $fileType = $row["type"];
+        $fileHash = $row["hash"];
+    }
+} else {
+    echo "Datei nicht in der Datenbank gefunden.";
+}
+
+$filePath = "data/$fileId";
+
+if (file_exists($filePath)&& hash_equals($fileHash, hash_file("ADLER32", $filePath))) {
+    // Set headers to force download
+    header('Content-Description: File Transfer');
+    header('Content-Type: application/octet-stream');
+    header('Content-Disposition: attachment; filename="smzintFILES-'.$fileName.'.'.$fileType.'"');
+    header('Expires: 0');
+    header('Cache-Control: must-revalidate');
+    header('Pragma: public');
+    readfile($filePath);
+    exit;
+} else {
+    echo "File not found.";
+}
+?>

index.php

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+
+<!--
+/*
+*   smzint/Files (c) schmamazon.com 2025
+*/
+-->
+
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <title>smzint/Files</title>
+    </head>
+    <body>
+        <h1>Available Files</h1>
+        <ul>
+            <?php
+            include('../Auth/db.ini.php');
+            $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+            if ($conn->connect_error) {
+                die("Connection failed: " . $conn->connect_error);
+            }
+
+            $sql = "SELECT * FROM smz_files_data WHERE public='1'";
+            $result = $conn->query($sql);
+            $conn->close();
+            if ($result->num_rows > 0) {
+                echo "<table>";
+                while ($row = $result->fetch_assoc()) {
+                    echo "" . $row["name"] . " | " . $row["description"] . " | " . $row["type"] . " <form action='download.php' method='POST' target='_blank'><input type='hidden' name='file' value='" . $row["id"] . "'><input type='submit' value='Herunterladen'></form></td></tr>";
+                }
+                echo "</table>";
+            } else {
+                echo "Keine Nachrichten";
+            }
+            ?>
+        </ul>
+    </body>
+</html>

upload.php

@@ -0,0 +1,111 @@
+<?php
+/*
+ *   smzint/* (c) schmamazon.com 2025
+ */
+
+
+include('../Auth/index.php');
+
+if ($uid != 0) {
+    die("403");
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+
+    $fileName = filter_var($_POST["fileName"], FILTER_SANITIZE_STRING);
+    $fileDesc = filter_var($_POST["fileDesc"], FILTER_SANITIZE_STRING);
+    $fileType = filter_var($_POST["fileType"], FILTER_SANITIZE_STRING);
+    $public = $_POST["public"];
+    $fileId = getId();
+    $target_dir = "data/";
+    $target_file = $target_dir . $fileId;
+    $fileHash = hash_file("ADLER32", $_FILES["fileToUpload"]["tmp_name"]);
+    hashCheck($fileHash);
+    move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
+
+    $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+    if ($conn->connect_error) {
+        die("Server Error");
+    }
+    $sql = "INSERT INTO smz_files_data (id, name, description, public, type, hash) VALUES ('$fileId', '$fileName', '$fileDesc', '$public', '$fileType', '$fileHash')";
+
+    if ($conn->query($sql) === TRUE) {
+        echo "New record created successfully";
+    } else {
+        echo "Error: " . $sql . "<br>" . $conn->error;
+    }
+
+    $conn->close();
+}
+
+function getId() {
+    include('../Auth/random.php');
+    $id = random_int(0, 65535);
+
+    global $dbservername;
+    global $dbusername;
+    global $dbpassword;
+    global $dbname;
+
+    $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+    if ($conn->connect_error) {
+        die("Connection failed: " . $conn->connect_error);
+    }
+
+    $sql = "SELECT id FROM smz_files_data WHERE id='$id'";
+    $result = $conn->query($sql);
+    $conn->close();
+    if ($result->num_rows > 0) {
+        getId();
+    } else {
+        return $id;
+    }
+}
+
+function hashCheck($hash) {
+    global $dbservername;
+    global $dbusername;
+    global $dbpassword;
+    global $dbname;
+
+    $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+    if ($conn->connect_error) {
+        die("Connection failed: " . $conn->connect_error);
+    }
+
+    $sql = "SELECT id FROM smz_files_data WHERE hash='$hash'";
+    $result = $conn->query($sql);
+    $conn->close();
+    if ($result->num_rows > 0) {
+        while ($row = $result->fetch_assoc()) {
+            die("Datei Existiert schon (siehe <a href=display.php?file=" . $row["id"] . ">" . $row["id"] . "</a>).");
+        }
+    } else {
+        return true;
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>smzint/Files - UPLOAD</title>
+    </head>
+    <body>
+        <form action="upload.php" method="post" enctype="multipart/form-data">
+            <p><input type="radio" id="public" name="public" value="1">
+                <label for="user_by_id">Öffentlich</label></p>
+            <p><input type="radio" id="public" name="public" value="0"><br>
+                <label for="user_by_id">Privat</label></p>
+            <p><label for="fileName">Name</label><br>
+                <input type="text" name="fileName" id="fileName"></p>
+            <p><label for="fileDesc">Beschreibung</label><br>
+                <textarea name="fileDesc" id="fileDesc"></textarea></p>
+            <p><label for="fileType">Type</label><br>
+                <input type="text" name="fileType" id="fileType"></p>
+            <p>Select File to upload:
+                <input type="file" name="fileToUpload" id="fileToUpload"></p>
+            <input type="submit">
+        </form>
+    </body>
+</html>